CVE-2023-22480
HIGH 7.3 | EPSS 75.6%
KubeOperator allows unauthorized access to system API
Published: 2023/1/9 | Modified: 2023/11/8
Description
### Summary
Unauthorized access refers to the ability to bypass the system's preset permission settings to access some API interfaces. The attack exploits a flaw in how online applications handle routing permissions.

### Affected Version
<= v3.16.3

### Patches
The vulnerability has been fixed in v3.16.3.
https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf

### Workarounds
It is recommended to upgrade the version to v3.16.4.

### For more information
If you have any questions or comments about this advisory, please open an issue.

### References
https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4

Affected packages (1)
- Go / github.com/KubeOperator/KubeOperator: from 0, <= 3.16.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-22480
- PATCH: https://github.com/KubeOperator/KubeOperator
- WEB: https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf
- WEB: https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4
- WEB: https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8